Re: Audit report reg Bind version

Once you know that, see if that host is actually running BIND 9 or not.

If it is, read its configuration (typically /etc/named.conf) to see if it's configured to act as authoritative (= either master or slave) for any DNS zones or not.

If not, it's only working as a caching DNS resolver: turn on query logging and/or check the DNS settings of your servers (/etc/resolv.conf) to see which systems (if any) use this BIND for hostname resolution.

If there are none, or if you can configure the systems to use a different nameserver, you can disable BIND:

Run "sh /sbin/init.d/named stop" and modify /etc/rc.config.d/namesvrs to say "NAMED=0" instead of "NAMED=1".

If you're required to keep BIND running after all (= either it's being used as an authoritative DNS server or a resolver for other hosts and you cannot move these things elsewhere), you should go to http://software.hp.com and search for BIND to find the latest BIND upgrade package for your HP-UX version: currently the latest for 11iv2 is C.9.3.2.8.0. It contains some backported patches compared to the "vanilla" BIND source code package from its developer, isc.org. You might want to update to the latest version and then copy the list of fixed security bugs from the Release Notes to your response to the audit: according to the audit report, the auditor has only done a simple version number check, which may not take into account any backported patches in the HP-packaged version of BIND.

If that version is not new enough for your auditor's satisfaction, you have two options: either respond with "this is the latest version supported by HP; there is no newer version available", or get the latest BIND source code from isc.org and compile it yourself. The latter requires a working ANSI C compiler and someone with the basic skills for compiling Unix software from source.
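The decision procedure in the reply above (is this BIND authoritative for any zone, is anyone resolving through it, and if neither, disable it at boot), as an added POSIX shell example that is not part of the original post. It assumes BIND 9 named.conf syntax and the HP-UX file locations the reply quotes (/etc/named.conf, /etc/resolv.conf, /etc/rc.config.d/namesvrs); all of the configuration it reads is constructed sample data written to a temporary directory, and it only prints the stop/disable commands rather than running them against the live system.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes BIND 9 named.conf
# syntax and the HP-UX paths the reply names. Every input file is constructed.

WORK=$(mktemp -d)

# Constructed sample: a named.conf that is authoritative (one master, one slave zone).
cat > "$WORK/named.auth.conf" <<'EOF'
options { directory "/var/named"; };
zone "." in { type hint; file "named.root"; };   // root hints, not authoritative
zone "example.test" in {
    type master;
    file "db.example.test";
};
zone "2.0.192.in-addr.arpa" in {
    type slave;
    masters { 192.0.2.10; };
    file "bak.2.0.192.in-addr.arpa";
};
EOF

# Constructed sample: a caching-only named.conf (root hints only).
cat > "$WORK/named.cache.conf" <<'EOF'
options { directory "/var/named"; };
zone "." in { type hint; file "named.root"; };
EOF

# Constructed sample: resolv.conf copied from another server on the LAN.
cat > "$WORK/resolv.conf" <<'EOF'
domain example.test
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF

# Constructed sample: the rc.config.d/namesvrs variable the reply says to flip.
printf 'NAMED=1\n' > "$WORK/namesvrs"

# Print "zone type" for every master or slave zone in the named.conf given as $1.
# Strips //, # and single-line /* */ comments first; the hint zone "." is never
# reported because only master/slave types count as authoritative.
list_authoritative_zones() {
    sed -e 's|//.*||' -e 's|#.*||' -e 's|/\*.*\*/||' "$1" |
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "zone") { z = $(i + 1); gsub(/"/, "", z) }
            if ($i == "type") { t = $(i + 1); sub(/;$/, "", t)
                                if (t == "master" || t == "slave") print z, t }
        }
    }'
}

# Number of authoritative zones in $1 (0 for a caching-only resolver).
count_authoritative_zones() {
    list_authoritative_zones "$1" | wc -l | tr -d ' '
}

# Succeeds if the resolv.conf $1 lists $2 as a nameserver.
resolv_uses_nameserver() {
    awk -v ns="$2" '$1 == "nameserver" && $2 == ns { found = 1 }
                    END { exit (found ? 0 : 1) }' "$1"
}

# Apply the reply's logic: $1 = named.conf, $2 = a client's resolv.conf,
# $3 = this host's address as clients would list it.
recommend_action() {
    n=$(count_authoritative_zones "$1")
    if [ "$n" -gt 0 ]; then
        echo "keep: authoritative for $n zone(s); upgrade BIND and cite the fixed-bug list"
    elif resolv_uses_nameserver "$2" "$3"; then
        echo "keep: caching resolver used by other hosts; repoint them or upgrade BIND"
    else
        echo "disable: sh /sbin/init.d/named stop; set NAMED=0 in /etc/rc.config.d/namesvrs"
    fi
}

# Flip NAMED=1 to NAMED=0 in the rc config file $1 (a copy here, not the real /etc file).
disable_named_in_rcconf() {
    sed 's/^NAMED=1[[:space:]]*$/NAMED=0/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Succeeds if $1 still starts named at boot.
named_enabled_in_rcconf() {
    grep '^NAMED=1' "$1" >/dev/null 2>&1
}

echo "authoritative zones in sample config:"
list_authoritative_zones "$WORK/named.auth.conf"
recommend_action "$WORK/named.auth.conf"  "$WORK/resolv.conf" 192.0.2.53
recommend_action "$WORK/named.cache.conf" "$WORK/resolv.conf" 192.0.2.53
recommend_action "$WORK/named.cache.conf" "$WORK/resolv.conf" 192.0.2.99
disable_named_in_rcconf "$WORK/namesvrs"
cat "$WORK/namesvrs"
```

On the real host you would point list_authoritative_zones at /etc/named.conf and collect /etc/resolv.conf from each server that might depend on this box; a resolv.conf check only finds clients that were configured by hand, so the query logging the reply mentions remains the way to catch anything else that still sends queries to this address.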